[cryptography] DKIM: Who cares?

Thierry Moreau thierry.moreau at connotech.com
Fri Oct 26 08:02:10 EDT 2012


Peter Gutmann wrote:
> John Levine <johnl at iecc.com> writes:
> 
>> Is there some point to speculating ...?
> 
> Absolutely. ...

> ... so I'm
> assuming there was some business-case issue ...
> ... a security mechanism was deployed on a large scale ...
> 

Let me speculate a moment.

The 384 bits keys are much more efficient than 768+ keys (see HIP 
specifications first version which had a 384 bits DH prime for low-end 
environments).

The business case is to avoid upgrading the e-mail servers merely 
because you turn on DKIM (hitting a CPU horsepower limit).

Keep in mind that the RSA vs DSA spreads of CPU load between signer and 
verifier are reversed (RSA signature is more CPU-intensive, DSA 
verification is more CPU-intensive).

Regards,

-- 
- Thierry Moreau




More information about the cryptography mailing list